So, today is the 5th annual Internet of Things Day, happy IoT Day everyone!
The phenomenon that is IoT is rarely out of the news at the moment, as it continues to gather momentum among the big players of the tech industry.
IBM recently announced a $3 billion investment in a new Internet of Things division, Microsoft is targeting IoT with its Windows 10 OS and Amazon recently strengthened its position in the industry with the acquisition of a US startup.
To celebrate Interner of Things Day 2015, we reached out to some industry experts for comment and analysis:
Piers Wilson, head of product management at Tier-3 Huntsman:
“IoT Day is a great opportunity to take stock of some of the key issues that are likely to arise as the Internet of Things takes off. As with a number of previous technologies, there is an inevitable link between the rate of adoption, an exponential increase in security weaknesses and the presence of consumer-based technologies on enterprise networks.
Securing these devices isn’t easy, because they often can’t run traditional anti-malware solutions or allow secure configuration. IoT device manufacturers simply don’t see it as their responsibility to develop these technologies with security in mind.
Indeed, four researchers from EURECOM France conducted the first large scale analysis of firmware in embedded devices and found that over 140,000 devices in existence today contain zero-day vulnerabilities, backdoors and poor methods of authentication.
When this laissez faire approach to IoT device security enters the enterprise, the risks magnify and go way beyond the traditional security implications of data loss, fraud, damaged reputations or privacy infringements.
Chris McIntosh, CEO of ViaSat UK:
“Only last year, we saw refrigerators used as a DDoS botnet, meaning almost any device can serve as a point of attack as well as a point of entry to the network. Technological progress could eventually mean that every car, appliance and even medical devices such as pacemakers will be connected to the internet.
Indeed, previously closed industrial networks are now opening up to the internet mainly because it is seen as a more viable and cost-effective method than dedicated lines of communication. Within the energy industries in particular, we have seen increased communication over the internet to communicate information between control stations, power plants and sub-stations.
Organisations are now realising they are woefully exposed to attack and need to consider a wider new approach to prevent the Internet of Things becoming an Internet of Threats.
“Organisations need to limit the scope of access from unauthorised parties as much as possible and assume that their networks have already been infected; this includes ensuring that, even if (or rather when) an attacker makes it into the system, the opportunity to do damage or steal data is limited.
Next, organisations will need to take steps to cleanse the network from threats and ensure each node can be trusted to convey the right information.
Organisations need to wake up to the Internet of Threats and realise that a major cyber-attack on a nationwide scale is not just a possibility, but an inevitability.”
Martin Sugden, MD of Boldon James:
“Today marks the fifth annual Global IoT Day - arguably, the reason the Internet of Things is called that is because no one can quite get their heads round everything that it might encompass, so ‘things’ was the best anyone could do.
Given this level of complexity, organisations must find a way to identify and protect key data in the tide of information that IoT generates.
A data-centric security policy that requires staff to assign a value to data ensures that organisations can identify and control sensitive data no matter where it is and how much data they have.”